Medium · 1 mark · Multiple Choice
Domain 1.3: Data Security · Domain 1 · Security · RDS

AWS SAA-C03 · Question 15 · Domain 1.3: Data Security

A developer accidentally created an unencrypted Amazon RDS MySQL database. The security team requires the database to be encrypted at rest. How can a solutions architect achieve this with the LEAST downtime?

Answer options:

A. Modify the existing RDS instance and enable encryption.

B. Take a snapshot, copy it with encryption enabled, and restore a new instance.

C. Create a new encrypted Read Replica and promote it to master.

D. Use AWS DMS to migrate data to a new encrypted instance.

How to approach this question

Recall the RDS encryption limitation.

Full Answer

B. Take a snapshot, copy it with encryption enabled, and restore a new instance. ✓ Correct
Take a snapshot of the unencrypted DB, copy the snapshot and enable encryption, then restore a new DB instance from the encrypted snapshot.
To encrypt an existing unencrypted RDS instance, you must take a snapshot, copy the snapshot while selecting the option to encrypt the copy, and then restore a new DB instance from the encrypted snapshot.

Common mistakes

Assuming you can just modify the instance to turn on encryption.
